package com.gulimall.gateway.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsWebFilter;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
import org.springframework.web.server.ServerWebExchange;

@Configuration
public class MallCrosWebConfig {
    @Bean
    public CorsWebFilter corsWebFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();

        // 【关键修正 1】：移除或注释掉 allowedOrigin("*")
        // config.addAllowedOrigin("*");

        // 【关键修正 2】：使用 addAllowedOriginPattern("*") 替代
        config.addAllowedOriginPattern("*");

        config.addAllowedHeader("*");
        // 注意：您代码中重复添加了 config.addAllowedOrigin("*"); 建议删除一个。
        // config.addAllowedOrigin("*"); // 删除此行

        config.addAllowedMethod("*"); // 最好也添加上允许的方法，防止 OPTIONS 请求问题
        config.setAllowCredentials(true);

        source.registerCorsConfiguration("/**", config);
        return new CorsWebFilter(source);
    }
}


